Whole Disk Encryption

The best way to do this currently is with the cryptsetup tool, which uses a Device Mapper approach. i.e. the physical drives get mapped to logical drives with the encryption layer nicely hidden in between.

For an array of multiple drives you get better performance by encrypting each disk individually, then assembling them into the array. In this way you get one thread per disk, rather than than one thread for the whole array.

Note: this is not about encrypting your boot disk. We'll save that for a different note.

# Install cryptsetup and format those disks. You could in theory use a partition rather than a whole disk if neededapt-get install cryptsetupcryptsetup luksFormat /dev/sdccryptsetup luksFormat /dev/sdd

If you want this partition to be mounted during boot, you'll need to create a keyfile and you can search for that info (I've not done it). If however, you just want to mount manually, here is a handy script to help with opening multiple disks (assuming you used the same password). We're using blkid here, since that's better for removable disks that tend to get shuffled around in their sdb, sdc, etc order.